Interacting with the web application provided by the Docker VM, we notice it is running a WordPress instance:
The next step in our attack will be running the
wpscan tool and looking for any low-hanging fruit, and gathering as much information about the instance as possible.
wpscan tool is available on Kali and almost any other penetration-testing-focused distribution. The latest version can be pulled from https://github.com/wpscanteam/wpscan.
We can start our attack by issuing a
wpscan command in the attack machine terminal. By default, passive detection will be enabled to look for ...